Moodle / MDL-4317

Bug: locked fields of user profile

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Trivial
    • Resolution: Duplicate
    • Affects Version/s: 1.5
    • Fix Version/s: 1.6.4, 1.7.1, 1.8
    • Component/s: General
    • Labels:
      None
    • Environment:
      All
    • Database:
      MySQL
    • Affected Branches:
      MOODLE_15_STABLE
    • Fixed Branches:
      MOODLE_16_STABLE, MOODLE_17_STABLE, MOODLE_18_STABLE

      Description

      During the use of Moodle at the Florence University (Computer Science Degree), we meet the following problem:

      the locked fields of user profile are not leaked for deleting MySQL special characters: i.e., when a user changes his profile, locked fields are copied without applying the function addslashes. If one of such fields contains, for example, ' (apostrophe) or any other MySQL special character, Moodle (version 1.5.x) gives an error message when it tries to save data on the database. The file moodle/user/edit.php has to be edited to solve this problem as follows:

      Original code:

      // override locked values
      if (!isadmin()) {
          $fields = get_user_fieldnames();
          $authconfig = get_config( 'auth/' . $user->auth );
          foreach ($fields as $field) {
              $configvariable = 'field_lock_' . $field;
              if ( $authconfig->{$configvariable} === 'locked'
                   || ($authconfig->{$configvariable} === 'unlockedifempty'
                       && !empty($user->$field)) ) {
                  if (!empty( $user->$field)) {
                      // Original string
                      $usernew->$field = $user->$field;
                  }
              }
          }
      }

      Modified Code:

      // override locked values
      if (!isadmin()) {
          $fields = get_user_fieldnames();
          $authconfig = get_config( 'auth/' . $user->auth );
          foreach ($fields as $field) {
              $configvariable = 'field_lock_' . $field;
              if ( $authconfig->{$configvariable} === 'locked'
                   || ($authconfig->{$configvariable} === 'unlockedifempty'
                       && !empty($user->$field)) ) {
                  if (!empty( $user->$field)) {
                      // Modified String
                      $usernew->$field = addslashes(clean_text(stripslashes(trim ($user->$field)), FORMAT_MOODLE));
                  }
              }
          }
      }
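
The failure described in the report, reproduced as an added PHP illustration (not Moodle code and not part of the original report). It assumes a data layer that builds SQL by concatenation and expects pre-escaped values; `build_update_sql`, `has_unterminated_literal` and the sample rows are hypothetical names and constructed data.

```php
<?php
// Added illustration; helper names and sample data are hypothetical.

// Assumed legacy behaviour: the data layer expects every value to arrive
// already slash-escaped and only wraps it in single quotes.
function build_update_sql(string $table, array $record, int $id): string {
    $sets = [];
    foreach ($record as $column => $value) {
        $sets[] = "$column = '$value'";
    }
    return "UPDATE $table SET " . implode(', ', $sets) . " WHERE id = $id";
}

// Simplified check: true when the statement ends inside a quoted literal,
// treating a backslash inside a literal as an escape (MySQL default).
function has_unterminated_literal(string $sql): bool {
    $inLiteral = false;
    for ($i = 0, $n = strlen($sql); $i < $n; $i++) {
        if ($inLiteral && $sql[$i] === '\\') {
            $i++; // skip the escaped character
        } elseif ($sql[$i] === "'") {
            $inLiteral = !$inLiteral;
        }
    }
    return $inLiteral;
}

// Constructed sample data. $stored is the row as read from the database
// (raw text); $submitted is form input that was escaped on the way in.
$stored    = ['lastname' => "O'Neil", 'city' => "Sant'Angelo"];
$submitted = ['lastname' => addslashes("O'Neil"), 'city' => 'changed by user'];
$locked    = ['city'];

foreach ([false, true] as $escapeLocked) {
    $usernew = $submitted;
    foreach ($locked as $field) {
        // Locked values come from the stored row, not from the form.
        $value = $stored[$field];
        $usernew[$field] = $escapeLocked ? addslashes($value) : $value;
    }
    $sql = build_update_sql('user', $usernew, 42);
    echo ($escapeLocked ? 'escaped' : 'raw'), ': ', $sql, "\n  ",
        has_unterminated_literal($sql) ? 'unterminated string literal' : 'well-formed',
        "\n";
}
```

The form-supplied field is escaped in both runs; only the locked field, copied back from the stored row, changes the outcome.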

              People

              Assignee:
              skodak Petr Skoda
              Reporter:
              imported Imported
              Tester:
              Nobody Nobody
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias, Sujith Haridasan

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                17/Jan/07